const { OPERATION_IS_NOT_ALLOWED,SYSTEM_ERROR} = require("../config/error")
const permissionService = require("../service/permission.service")
const verifyPermission = async (ctx, next) => {
    // 获取登录的用户id
    try {
        const { id } = ctx.user
        const keyName=Object.keys(ctx.params)[0]
        const resourceId=ctx.params[keyName]
        const resourceName = keyName.replace('Id', '')
        // 2.查询user的id是否有修改momentId的权限
        const isPermission = await permissionService.checkResouce(resourceName, resourceId, id)
        if (!isPermission) {
          return ctx.app.emit('error', OPERATION_IS_NOT_ALLOWED, ctx)
        }
        await next()
    } catch (error) {
        return ctx.app.emit('error', SYSTEM_ERROR, ctx)
    }


}
module.exports = {
    verifyPermission
}